DevFW-CICD/ingress-nginx-helm
16
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
4719 commits 4 branches 217 tags 166 MiB
Commit graph

4719 commits

This branch
This branch
All branches
Author SHA1 Message Date
Kubernetes Prow Robot
12c570c577 Merge pull request #4826 from ElvinEfendi/fix-duplicate-hsts 
regression test and fix for duplicate hsts bug
 2019-12-12 11:10:32 -08:00
Elvin Efendi
41112332b5 misc: improve build scripts 2019-12-12 13:49:28 -05:00
Elvin Efendi
ca3e934cba fix duplicate hsts bug 2019-12-12 13:49:13 -05:00
Elvin Efendi
1bfd79c11c regression test for duplicate hsts 2019-12-12 13:45:43 -05:00
Manuel Alejandro de Brito Fontes
686a01dbb4 Cleanup test 2019-12-10 22:45:11 -03:00
Manuel Alejandro de Brito Fontes
7c3c282d7e Check the configmap is valid 2019-12-10 22:45:02 -03:00
Kubernetes Prow Robot
39d6cc4c97 Merge pull request #4816 from kdomanski/fix-ssl-redirect 
apply default certificate again in cases of invalid or incomplete cert config
 2019-12-10 17:40:05 -08:00
Manuel Alejandro de Brito Fontes
7c6850a92c Update go dependencies to v1.17.0 2019-12-10 21:55:54 -03:00
Kamil Domański
666688ee0a add e2e test for HTTP->HTTPS redirection 2019-12-09 15:56:21 +01:00
Kubernetes Prow Robot
a50f5d0d9a Merge pull request #4813 from aledbf/ssl-ciphers 
Update default SSL ciphers
 2019-12-06 15:05:53 -08:00
Kamil Domański
9b708258d1 apply default certificate again in cases of invalid or incomplete cert config 
Signed-off-by: Kamil Domański <kamil@domanski.co>
 2019-12-06 12:15:52 +01:00
Manuel Alejandro de Brito Fontes
ed99f04a30 Update default SSL ciphers 2019-12-05 19:34:53 -03:00
Manuel Alejandro de Brito Fontes
248ddeadae Allow custom CA certificate when flag --api-server is specified (#4807) 2019-12-05 19:12:54 -03:00
Kubernetes Prow Robot
1fb54a737c Merge pull request #4806 from aledbf/build 
Add log to parallel command to dump logs in case of errors
 2019-12-02 18:08:57 -08:00
Manuel Alejandro de Brito Fontes
176678ce8e Update nginx and e2e images (#4805) 2019-12-02 14:36:49 -03:00
Kubernetes Prow Robot
4c14edfaf7 Merge pull request #4797 from pauvos/dashboard-datasource 
Add a datasource variable $DS_PROMETHEUS
 2019-12-02 07:55:05 -08:00
Manuel Alejandro de Brito Fontes
4b96ce3609 Update nginx image to fix regression in jaeger tracing (#4803) 2019-12-02 12:17:26 -03:00
Manuel Alejandro de Brito Fontes
25212b1647 Fix markdown list (#4801) 2019-12-01 21:57:09 -03:00
Manuel Alejandro de Brito Fontes
9deed184f6 Update sysctl example (#4800) 2019-12-01 21:48:00 -03:00
Paul Voss
faaf7a5958 Add a datasource variable $DS_PROMETHEUS 2019-11-30 14:04:39 +01:00
Manuel Alejandro de Brito Fontes
3d5165bca3 Update nginx image and Go to 1.13.4 (#4785) 2019-11-29 15:20:18 -03:00
Kubernetes Prow Robot
820ffc51b5 Merge pull request #4793 from MMeent/patch-2 
Fix issue in logic of modsec template
 2019-11-28 10:57:04 -08:00
Kubernetes Prow Robot
31d594cff0 Merge pull request #4794 from sablumiah/patch-1 
Remove extra annotation when Enabling ModSecurity
 2019-11-28 10:13:04 -08:00
Sablu Miah
871033d0ae Remove extra annotation when Enabling ModSecurity 
Since version 0.25, if you try to use both annotations of:

nginx.ingress.kubernetes.io/modsecurity-snippet: |
Include /etc/nginx/owasp-modsecurity-crs/nginx-modsecurity.conf
Include /etc/nginx/modsecurity/modsecurity.conf

and 

nginx.ingress.kubernetes.io/enable-modsecurity: "true"

it breaks nginx config and you will not catch it unless you have nginx admission controller enabled. 

You do not need the annotation of `Include /etc/nginx/modsecurity/modsecurity.conf` from version 0.25
 2019-11-28 15:16:09 +00:00
MMeent
4a4025e578 Fix issue in logic of modsec template 
according to go templates: `(and ((not false) false))` == `true`

the only way to remove the owasp rules from every location is to disable modsec on that location, or to enable owasp globally, both not-so-great choices.

This commit fixes the logic issue by fixing the and-clause in the if-statement. As a result this reduces global resource usages when modsecurity is configured globally, but not on every location.
 2019-11-28 14:56:41 +01:00
Kubernetes Prow Robot
f9dfff9063 Merge pull request #4791 from bouk/manifest-add-staticport 
deploy: add protocol to all Container/ServicePorts
 2019-11-28 05:05:04 -08:00
Bouke van der Bijl
3dff92a9f3 deploy: add protocol to all Container/ServicePorts 
kubectl apply --server-side currently doesn't work with Port specs that
are missing protocol:
https://github.com/kubernetes-sigs/structured-merge-diff/issues/130 so
we should always specify it.
 2019-11-28 12:41:48 +00:00
Manuel Alejandro de Brito Fontes
449af8e4a3 Add log to parallel command to dump logs in case of errors 2019-11-27 22:01:50 -03:00
Kubernetes Prow Robot
d67126d305 Merge pull request #4780 from aledbf/openresty-master 
Update nginx image to use openresty master
 2019-11-27 12:33:03 -08:00
Kubernetes Prow Robot
4235e3e779 Merge pull request #4779 from aledbf/update-image 
Remove lua-resty-waf feature
 2019-11-27 11:45:05 -08:00
Kubernetes Prow Robot
ffa84b1284 Merge pull request #4732 from willthames/enable-opentracing-annotation 
Allow enabling/disabling opentracing for ingresses
 2019-11-26 17:31:21 -08:00
Will Thames
fcccd63002 Improve safety of AWS-based builds 
Ensure that AWS and Docker credentials don't get
accidentally added
 2019-11-27 11:07:26 +10:00
Will Thames
3716655525 Provide annotation to control opentracing 
By default you might want opentracing off, but on for a particular
ingress.

Similarly, you might want opentracing globally on, but disabled for
a specific endpoint. To achieve this, `opentracing_propagate_context`
cannot be set when combined with `opentracing off`

A new annotation, `enable-opentracing` allows more fine grained control
of opentracing for specific ingresses.
 2019-11-27 11:07:26 +10:00
Kubernetes Prow Robot
11c7e3001b Merge pull request #4777 from Miouge1/x-forwarded-prefix-chanegelog 
[docs] Add info about x-forwarded-prefix breaking change
 2019-11-26 15:57:20 -08:00
Kubernetes Prow Robot
7fe61dfd26 Merge pull request #4700 from TronWallet/fix/nodeport_externalips 
adds hability to use externalIP when controller service is of type NodePort
 2019-11-26 15:33:20 -08:00
Manuel Alejandro de Brito Fontes
523a856d55 Remove Lua resty waf feature 2019-11-26 10:37:43 -03:00
Miouge1
efb5c28693 Add info about x-forwarded-prefix breaking change 2019-11-26 10:11:02 +01:00
Kubernetes Prow Robot
d2b461a114 Merge pull request #4766 from AndiDog/dev-env-fixes 
dev-env.sh: fix for parsing `minikube status` output of newer versions, fix shellcheck lints
 2019-11-25 11:07:25 -08:00
Andreas Sommer
b3377a8980 Fix for parsing minikube status output of newer versions 
Changed in ca7d378aaa to "Configured" or "Misconfigured"
 2019-11-21 10:25:31 +01:00
Andreas Sommer
6838a2f25c Fix shellcheck lints in dev-env.sh 2019-11-21 10:23:19 +01:00
Kubernetes Prow Robot
f0c1862125 Merge pull request #4765 from mrbusche/master 
Fix extra word
 2019-11-20 17:41:28 -08:00
Matt Busche
cadacfe89f Fix extra word 2019-11-20 19:01:56 -06:00
Kubernetes Prow Robot
e452426997 Merge pull request #4749 from skomma/patch-1 
Update documentation for rate limiting
 2019-11-18 20:31:42 -08:00
Kubernetes Prow Robot
4ffc076e0c Merge pull request #4689 from janosi/upstream_ssl 
Server-only authentication of backends and per-location SSL config
 2019-11-18 19:49:43 -08:00
Kubernetes Prow Robot
9481d399e2 Merge pull request #4747 from FRI-DAY/image-add-opencontainer-source-label 
Docker image: Add source code reference label
 2019-11-18 19:23:41 -08:00
Michael Frister
89ef76490f Docker image: Add more opencontainers labels (incl. version) 2019-11-18 10:20:20 +01:00
Kubernetes Prow Robot
21a6767095 Merge pull request #4748 from argeas/update-static-ip-docs 
Update documentation for static ip example
 2019-11-14 05:07:35 -08:00
Syunsuke Komma
2af74cc9f0 Update annotations.md 
Add links to proxy-buffering section
 2019-11-13 12:54:42 +09:00
Syunsuke Komma
cbd7d60972 Update annotations.md 
Add notes of limit-rate/limit-rate-after
 2019-11-13 12:49:59 +09:00
argeas
60f4f3a490 fix ingress name in get example 2019-11-13 02:24:48 +00:00